DO 账号被封，貌似主机被黑了

Please review the following abuse complaint and provide us with a resolution:

******************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Date : 12-03-2014 10:54:06 hs
Send to: [email protected]
============================================================

You are receiving this message because you are listed as the contact for the IP 162.243.149.107 on the RIPE ().
This message is intended for the person responsible for computer security at your site. If this is not the correct address, please forward this message to the appropriate party.

Incident Number: TN-632445/2014
===========================================

Dear Administrator,

We have detected a recent scan probe in our servers. This security incident seems to be originated from an IP address registered to your network.
Here follows the log records regarding such incidente.

Timezone in UTC.

###begin###

2014-03-11 14:36:24 pass TCP from 162.243.149.107:36327 to 143.106.XXX.204:9090
2014-03-11 14:37:49 pass TCP from 162.243.149.107:33004 to 143.106.XXX.219:9090
2014-03-11 14:38:36 pass TCP from 162.243.149.107:42971 to 143.106.XXX.228:9090
2014-03-11 14:38:53 pass TCP from 162.243.149.107:42789 to 143.106.XXX.247:9090
2014-03-11 14:39:02 pass TCP from 162.243.149.107:50509 to 143.106.XXX.203:9090
2014-03-11 14:39:34 pass TCP from 162.243.149.107:35213 to 143.106.XXX.240:9090
2014-03-11 14:40:53 pass TCP from 162.243.149.107:52631 to 143.106.XXX.220:9090
2014-03-11 14:41:14 pass TCP from 162.243.149.107:36356 to 143.106.XXX.204:9090
2014-03-11 14:42:22 pass TCP from 162.243.149.107:41720 to 143.106.XXX.251:9090
2014-03-11 14:43:15 pass TCP from 162.243.149.107:60097 to 143.106.XXX.232:9090
[...]
2014-03-11 16:33:56 pass TCP from 162.243.149.107:48371 to 143.106.XXX.253:443
2014-03-11 16:34:01 pass TCP from 162.243.149.107:44165 to 143.106.XXX.206:443
2014-03-11 16:34:02 pass TCP from 162.243.149.107:47445 to 143.106.XXX.240:443
2014-03-11 16:34:02 pass TCP from 162.243.149.107:47445 to 143.106.XXX.240:443
2014-03-11 16:34:03 pass TCP from 162.243.149.107:50362 to 143.106.XXX.227:443
2014-03-11 16:34:10 pass TCP from 162.243.149.107:34954 to 143.106.XXX.254:443
2014-03-11 16:34:18 pass TCP from 162.243.149.107:43724 to 143.106.XXX.238:443
2014-03-11 16:34:18 pass TCP from 162.243.149.107:43724 to 143.106.XXX.238:443
2014-03-11 16:34:20 pass TCP from 162.243.149.107:55631 to 143.106.XXX.202:443
2014-03-11 16:34:31 pass TCP from 162.243.149.107:47474 to 143.106.XXX.201:443

###end###

We are asking for your help in order to identify who did chose conections and what was his/her purpose.
You should investigate this suspicious activity because it could mean that your network has been compromised and is being used as a launch point for attacks, or someone of your legitimate users are doing hacking activities.
We would like to inform that we maintain a database with all incident reporting and tracking of State University of Campinas and we need your response as soon as possible to resolve this entry.

We have blocked someone from your IP space for abuse. Reason: Port_Scanning. Log lines are below. Time zone is UTC.

2014-03-21T06:02:00+00:00 slurp 1395381719.608702 - - - - - - - - tcp Scan::Address_Scan 162.243.149.107 scanned at least 52 unique hosts on port 8080/tcp in 0m30s remote 162.243.149.107 - 8080 - slurp4-8 Notice::ACTION_LOG 3600.000000 F - - - - -

I am writing to inform you so that you can take whatever action is necessary to prevent this user from doing this again. We would be happy to discuss further if you would like. Please feel free to respond to this email to follow up.

We have detected abuse from the IP address 162.243.149.107. See below for how we obtained your email address in case it is wrong. We would appreciate if you would investigate and take action as appropriate.

** THIS IP ADDRESS IS NULL ROUTED on our entire network, including peering and transit, for a period of time not exceeding 24 hours from the date and time of this email. YOU ARE NOT REQUIRED to reply to this email unless you need more information.

You can see more information on this incident by reviewing the data at http://darknet.superb.net/ip/162.243.149.107 and log lines are given below. Please ask if you require any further information.

You may contact us at [email protected]
(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by an automated process.)

The recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information they provide derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email ([email protected]). Information about the Abuse Contact Database can be found here:
http://abusix.com/global-reporting/abuse-contact-db

abusix.com is neither responsible nor liable for the content or accuracy of this message.

Note: Local timezone is -0400 (EDT)
/var/log/messages:Mar 21 03:17:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 11 times in a 30 minute period
/var/log/messages:Mar 21 03:47:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 15 times in a 30 minute period
/var/log/messages:Mar 21 04:17:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 19 times in a 30 minute period
/var/log/messages:Mar 21 04:47:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 14 times in a 30 minute period
/var/log/messages:Mar 21 05:17:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 15 times in a 30 minute period
/var/log/messages:Mar 21 07:47:25 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 15 times in a 30 minute period

162.243.149.107 was observed probing caltech.edu for security holes. It
has been blocked at our border routers. It may be compromised.

For more info contact [email protected]
Please include the entire subject line of the original message

Blake

(time zone of log is PDT, which is UTC-07:00, date is MMDD)
log entries are from Cisco netflow, time is flow start time
date.time srcIP srcPort dstIP dstPort proto #pkts
0320.23:01:48.420 162.243.149.107 46152 131.215.135.191 8080 6 2
0320.23:02:10.853 162.243.149.107 57528 131.215.154.0 8080 6 1
0320.23:01:25.882 162.243.149.107 53225 134.4.235.178 8080 6 1
0320.23:01:26.134 162.243.149.107 59304 131.215.153.101 8080 6 1
0320.23:01:26.328 162.243.149.107 39040 134.4.121.68 8080 6 1
0320.23:01:24.727 162.243.149.107 53630 131.215.82.97 8080 6 1
0320.23:01:24.919 162.243.149.107 42822 134.4.162.162 8080 6 1
0320.23:01:25.624 162.243.149.107 40470 134.4.220.73 8080 6 1
0320.23:01:26.776 162.243.149.107 54059 131.215.80.189 8080 6 1
0320.23:01:24.864 162.243.149.107 54581 131.215.146.113 8080 6 1
0320.23:01:26.208 162.243.149.107 53385 134.4.151.55 8080 6 1
0320.23:01:26.720 162.243.149.107 52704 131.215.2.61 8080 6 1
0320.23:01:27.745 162.243.149.107 36567 134.4.146.2 8080 6 1
0320.23:01:25.183 162.243.149.107 36047 131.215.5.217 8080 6 1
0320.23:01:25.505 162.243.149.107 35974 134.4.242.118 8080 6 1
0320.23:01:25.824 162.243.149.107 45020 134.4.22.99 8080 6 1
0320.23:01:26.721 162.243.149.107 58952 131.215.36.159 8080 6 1
0320.23:01:26.848 162.243.149.107 36200 134.4.82.140 8080 6 1
0320.23:02:13.449 162.243.149.107 51692 192.12.19.147 8080 6 2
0320.23:01:30.871 162.243.149.107 56782 134.4.94.105 8080 6 1

This email is from the IT Security Team at Utah State University.

This email describes suspicious and/or malicious network activity
that appears to be sourced from your network. We have included
IP Addresses as well as description, documentation, log snippets,
and other useful information about this event.

Please review this information and/or forward to the responsible person.

Thank you.

USU Network Security Team
Utah State University Information Technology
4410 Old Main Hill
Logan, UT 84322-4410
(435)797-1804

IP/CIDR Address: 162.243.149.107

Description:
162.243.149.107 scanned 129.123.0.0/16 for TCP/8080.

Log Snippet (Timestamps are MDT or GMT -0600):
Date flow start Duration Src IP Addr Src Pt Dst IP Addr Dst Pt Flags Packets Bytes Proto
2014-03-21 00:01:35.518 0.000 162.243.149.107 54186 129.123.199.242 8080 ....S. 1 40 6
2014-03-21 00:01:43.461 0.000 162.243.149.107 44448 129.123.192.79 8080 ....S. 1 40 6
2014-03-21 00:01:49.975 0.000 162.243.149.107 35538 129.123.9.61 8080 ....S. 1 40 6
2014-03-21 00:01:51.348 0.000 162.243.149.107 52877 129.123.196.24 8080 ....S. 1 40 6
2014-03-21 00:01:55.954 0.000 162.243.149.107 35187 129.123.190.237 8080 ....S. 1 40 6
2014-03-21 00:02:33.003 0.000 162.243.149.107 49553 204.113.91.120 8080 ....S. 1 40 6
2014-03-21 00:02:33.163 0.000 162.243.149.107 48751 129.123.123.2 8080 ....S. 1 40 6
2014-03-21 00:02:40.513 0.000 162.243.149.107 41920 129.123.197.7 8080 ....S. 1 40 6
2014-03-21 00:02:41.530 0.000 162.243.149.107 56188 129.123.192.252 8080 ....S. 1 40 6
2014-03-21 00:02:42.892 0.000 162.243.149.107 37651 129.123.193.155 8080 ....S. 1 40 6
2014-03-21 00:03:04.538 0.000 162.243.149.107 47344 129.123.194.226 8080 ....S. 1 40 6
2014-03-21 00:03:47.055 0.000 162.243.149.107 40401 204.113.91.74 8080 ....S. 1 40 6
2014-03-21 00:03:50.385 0.060 162.243.149.107 53694 129.123.44.61 8080 ...RS. 2 80 6
2014-03-21 00:03:50.411 0.000 129.123.44.61 8080 162.243.149.107 53694 .A..S. 1 44 6
2014-03-21 00:08:47.203 0.000 162.243.149.107 50176 129.123.198.93 8080 ....S. 1 40 6
2014-03-21 00:09:24.956 0.000 162.243.149.107 50326 129.123.124.234 8080 ....S. 1 40 6
2014-03-21 00:09:27.489 0.000 162.243.149.107 58694 129.123.194.248 8080 ....S. 1 40 6
2014-03-21 00:09:28.011 0.000 162.243.149.107 57072 129.123.194.210 8080 ....S. 1 40 6
2014-03-21 00:09:29.571 0.000 162.243.149.107 45935 129.123.197.155 8080 ....S. 1 40 6
2014-03-21 00:09:33.720 0.000 162.243.149.107 51744 204.113.91.102 8080 ....S. 1 40 6
2014-03-21 00:09:49.379 0.000 162.243.149.107 56471 129.123.193.71 8080 ....S. 1 40 6
2014-03-21 00:10:25.112 0.000 162.243.149.107 40316 129.123.196.105 8080 ....S. 1 40 6
2014-03-21 00:10:48.854 0.000 162.243.149.107 41611 129.123.197.144 8080 ....S. 1 40 6
2014-03-21 00:10:55.181 0.000 162.243.149.107 52034 129.123.6.127 8080 ....S. 1 40 6
2014-03-21 00:11:03.626 0.000 162.243.149.107 60301 129.123.6.118 8080 ....S. 1 40 6
2014-03-21 00:11:29.760 0.000 162.243.149.107 35350 129.123.144.26 8080 ....S. 1 40 6
2014-03-21 00:11:48.487 0.000 162.243.149.107 39401 129.123.192.112 8080 ....S. 1 40 6
2014-03-21 00:11:49.782 0.000 162.243.149.107 57839 129.123.198.2 8080 ....S. 1 40 6
2014-03-21 00:11:53.511 0.000 162.243.149.107 38133 129.123.198.136 8080 ....S. 1 40 6
2014-03-21 00:11:53.867 0.000 162.243.149.107 37319 129.123.192.193 8080 ....S. 1 40 6
2014-03-21 00:11:56.838 0.000 162.243.149.107 46309 129.123.199.175 8080 ....S. 1 40 6
2014-03-21 00:34:25.287 0.000 162.243.149.107 56388 129.123.194.146 8080 ....S. 1 40 6
2014-03-21 00:34:26.495 0.000 162.243.149.107 36881 129.123.123.148 8080 ....S. 1 40 6
2014-03-21 00:34:29.941 0.000 162.243.149.107 43752 129.123.198.104 8080 ....S. 1 40 6
2014-03-21 00:34:54.575 0.000 162.243.149.107 52018 129.123.47.237 8080 ....S. 1 40 6
2014-03-21 00:34:58.348 0.000 162.243.149.107 54173 129.123.193.205 8080 ....S. 1 40 6
2014-03-21 00:35:16.607 0.000 162.243.149.107 34493 204.113.91.75 8080 ....S. 1 40 6
2014-03-21 00:35:20.663 0.000 162.243.149.107 43534 204.113.91.27 8080 ....S. 1 40 6
2014-03-21 00:35:21.487 0.000 162.243.149.107 55875 129.123.6.162 8080 ....S. 1 40 6
2014-03-21 00:35:38.251 0.000 162.243.149.107 56618 129.123.197.93 8080 ....S. 1 40 6
2014-03-21 00:35:55.060 0.000 162.243.149.107 53639 129.123.199.125 8080 ....S. 1 40 6
2014-03-21 00:36:02.278 0.000 162.243.149.107 35218 129.123.199.230 8080 ....S. 1 40 6
2014-03-21 00:36:14.170 0.000 162.243.149.107 41974 129.123.192.249 8080 ....S. 1 40 6
2014-03-21 00:36:45.131 0.000 162.243.149.107 33579 129.123.195.241 8080 ....S. 1 40 6
2014-03-21 00:37:42.490 0.000 162.243.149.107 59077 129.123.41.212 8080 ....S. 1 40 6
2014-03-21 00:37:47.779 0.000 162.243.149.107 34653 129.123.196.199 8080 ....S. 1 40 6
2014-03-21 00:37:55.391 0.000 162.243.149.107 49662 129.123.196.7 8080 ....S. 1 40 6
2014-03-21 00:38:02.218 0.000 162.243.149.107 57254 204.113.91.70 8080 ....S. 1 40 6
2014-03-21 00:38:07.456 0.000 162.243.149.107 45466 129.123.68.69 8080 ....S. 1 40 6
2014-03-21 00:38:09.532 0.000 162.243.149.107 57929 129.123.6.176 8080 ....S. 1 40 6
2014-03-21 00:38:21.860 0.000 162.243.149.107 36596 129.123.193.10 8080 ....S. 1 40 6

Whois data for 162.243.149.107 at time of email:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=162.243.149.107?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 162.243.0.0 - 162.243.255.255
CIDR: 162.243.0.0/16
OriginAS: AS14061, AS62567, AS46652
NetName: DIGITALOCEAN-7
NetHandle: NET-162-243-0-0-1
Parent: NET-162-0-0-0-0
NetType: Direct Allocation
Comment: http://www.digitalocean.com
Comment: Simple Cloud Hosting
RegDate: 2013-09-06
Updated: 2013-09-06
Ref: http://whois.arin.net/rest/net/NET-162-243-0-0-1

OrgName: Digital Ocean, Inc.
OrgId: DO-13
Address: 270 Lafayette St
Address: Suite 1105
City: New York
StateProv: NY
PostalCode: 10012
Country: US
RegDate: 2012-05-14
Updated: 2013-12-12
Ref: http://whois.arin.net/rest/org/DO-13

OrgAbuseHandle: URETS-ARIN
OrgAbuseName: Uretsky, Ben
OrgAbusePhone: +1-646-397-8051
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.net/rest/poc/URETS-ARIN

OrgTechHandle: URETS-ARIN
OrgTechName: Uretsky, Ben
OrgTechPhone: +1-646-397-8051
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/URETS-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

We have noticed suspicious activity from 162.243.149.107 aimed at one of our servers.
Please investigate this host and disable whichever exploit or malware is causing this activity.
For more information or questions please refer to our website located at http://www.abuse.bz/

Here are our raw logs:
==
[2014-03-21 01:12:17 CET] [Timestamp: 1395360738] [10502896.956902] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.225.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56231 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 01:13:19 CET] [Timestamp: 1395360800] [10502958.855909] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=128.204.206.251 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=50640 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 01:28:26 CET] [Timestamp: 1395361707] [10503866.019311] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.230.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52781 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 01:29:07 CET] [Timestamp: 1395361748] [10503906.972359] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=128.204.205.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48438 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 02:54:18 CET] [Timestamp: 1395366859] [10509018.004304] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=37.148.160.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51430 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 02:56:38 CET] [Timestamp: 1395366998] [10509157.619023] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=37.148.167.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41525 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 03:04:23 CET] [Timestamp: 1395367463] [10509622.740358] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=78.41.201.251 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=44663 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 03:49:06 CET] [Timestamp: 1395370147] [10512305.808307] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.229.251 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=60979 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:26:08 CET] [Timestamp: 1395372369] [10514528.410242] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=89.207.133.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54742 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:46:17 CET] [Timestamp: 1395373578] [10515737.432167] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=89.207.129.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54989 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:55:17 CET] [Timestamp: 1395374117] [10516276.329147] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=37.148.165.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55148 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:56:09 CET] [Timestamp: 1395374169] [10516328.251299] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.226.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=39662 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 04:56:15 CET] [Timestamp: 1395374176] [10516334.771017] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=128.204.197.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46791 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 05:01:22 CET] [Timestamp: 1395374482] [10516641.835433] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=77.95.224.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45822 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 06:18:02 CET] [Timestamp: 1395379083] [10521242.515018] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=37.148.166.251 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=36702 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 06:18:53 CET] [Timestamp: 1395379133] [10521292.751364] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=195.20.205.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37720 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
[2014-03-21 07:31:23 CET] [Timestamp: 1395383484] [10525643.720661] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=162.243.149.107 DST=128.204.204.251 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51268 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0

基本就是你的vps被用来扫端口了……
之前我自己测试massscan的时候也被发过这个。

@a2z 那還能找他們回復我的賬戶嗎？

@zijian
那要看他们了。你就说这个和你一点关系都没有，被hacked，让他们重开一台试试

个人意见：这些记录没有必要一条一条看，总而言之就是你的vps被黑了，过了那么多天你都不处理一直到现在被封其实不太能让人理解。。现在因为已经没有了vps的访问权限已经很难找到被黑的原因，要解释也就是说没做好安全工作被黑了吧，也没更多能解释的了

@a2z 嗯 謝謝 我已經和他們解釋了，就說自己不會任何hack技術

@764664 嗯 確實因為自己的疏忽，沒有理睬他們的通知，這檯服務器是我用來做測試用的

国外商家一般都不会封你的号，若你积极的处理。

这几天do确实很慢

人家给你警告了那么多次你都不理...

最近好像很多这种，一般都是一些代码或者是程序出了问题，你看看你VPS上跑的东西吧

@zijian 已经抓到它了